CISSP-ISSEP Exam - Information Systems Security Engineering Professional

NEW QUESTION 1
Which of the following acts assigns the Chief Information Officers (CIO) with the responsibility to develop Information Technology Architectures (ITAs) and is also referred to as the Information Technology Management Reform Act (ITMRA)

• A. Paperwork Reduction Act
• B. Computer Misuse Act
• C. Lanham Act
• D. Clinger Cohen Act

Answer: D

NEW QUESTION 2
Which of the following memorandums directs the Departments and Agencies to post clear privacy policies on World Wide Web sites, and provides guidance for doing it

• A. OMB M-99-18
• B. OMB M-00-13
• C. OMB M-03-19
• D. OMB M-00-07

Answer: A

NEW QUESTION 3
Which of the following sections of the SEMP template defines the project constraints, to include constraints on funding, personnel, facilities, manufacturing capability and capacity, critical resources, and other constraints

• A. Section 3.1.5
• B. Section 3.1.8
• C. Section 3.1.9
• D. Section 3.1.7

Answer: B

NEW QUESTION 4
Fill in the blank with an appropriate section name. is a section of the SEMP template, which specifies the methods and reasoning planned to build the requisite trade-offs between functionality, performance, cost, and risk.

• A. System Analysis

Answer: A

NEW QUESTION 5
Which of the following policies describes the national policy on the secure electronic messaging service

• A. NSTISSP N
• B. 11
• C. NSTISSP N
• D. 7
• E. NSTISSP N
• F. 6
• G. NSTISSP N
• H. 101

Answer: B

NEW QUESTION 6
You work as a security engineer for BlueWell Inc. According to you, which of the following statements determines the main focus of the ISSE process

• A. Design information systems that will meet the certification and accreditation documentation.
• B. Identify the information protection needs.
• C. Ensure information systems are designed and developed with functional relevance.
• D. Instruct systems engineers on availability, integrity, and confidentiality.

Answer: B

NEW QUESTION 7
The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and
telecommunications systems that handle U.S. national security information. What are the different types of NIACAP accreditation Each correct answer represents a complete solution. Choose all that apply.

• A. Type accreditation
• B. Site accreditation
• C. System accreditation
• D. Secure accreditation

Answer: ABC

NEW QUESTION 8
Which of the following agencies serves the DoD community as the largest central resource for DoD and government-funded scientific, technical, engineering, and business related information available today

• A. DISA
• B. DIAP
• C. DTIC
• D. DARPA

Answer: C

NEW QUESTION 9
Which of the following responsibilities are executed by the federal program manager

• A. Ensure justification of expenditures and investment in systems engineering activities.
• B. Coordinate activities to obtain funding.
• C. Review project deliverables.
• D. Review and approve project plans.

Answer: ABD

NEW QUESTION 10
Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls

• A. Certification and accreditation (C&A)
• B. Risk Management
• C. Information systems security engineering (ISSE)
• D. Information Assurance (IA)

Answer: A

NEW QUESTION 11
Which of the following tools demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators

• A. ISO 90012000
• B. Benchmarking
• C. SEI-CMM
• D. Six Sigma

Answer: A

NEW QUESTION 12
Registration Task 5 identifies the system security requirements. Which of the following elements of Registration Task 5 defines the type of data processed by the system

• A. Data security requirement
• B. Network connection rule
• C. Applicable instruction or directive
• D. Security concept of operation

Answer: A

NEW QUESTION 13
Which of the following documents is defined as a source document, which is most useful for the ISSE when classifying the needed security functionality

• A. Information Protection Policy (IPP)
• B. IMM
• C. System Security Context
• D. CONOPS

Answer: A

NEW QUESTION 14
What NIACAP certification levels are recommended by the certifier Each correct answer represents a complete solution. Choose all that apply.

• A. Basic System Review
• B. Basic Security Review
• C. Maximum Analysis
• D. Comprehensive Analysis
• E. Detailed Analysis
• F. Minimum Analysis

Answer: BDEF

NEW QUESTION 15
John works as a security engineer for BlueWell Inc. He wants to identify the different functions that the system will need to perform to meet the documented missionbusiness needs. Which of the following processes will John use to achieve the task

• A. Modes of operation
• B. Performance requirement
• C. Functional requirement
• D. Technical performance measures

Answer: C

NEW QUESTION 16
Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk events but management wants you to do more. They'd like for you to create some type of a chart that identified the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart

• A. Risk response plan
• B. Quantitative analysis
• C. Risk response
• D. Contingency reserve

Answer: D

NEW QUESTION 17
Which of the following documents is described in the statement below It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning.

• A. Risk management plan
• B. Project charter
• C. Quality management plan
• D. Risk register

Answer: D